[code]
OTScanIt2 logfile created on: 12/21/2008 3:31:11 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.3.1 Folder = C:\Documents and Settings\George.voicu\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.42 Mb Total Physical Memory | 111.93 Mb Available Physical Memory | 22.28% Memory free
1.20 Gb Paging File | 0.57 Gb Available in Paging File | 47.64% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 2.04 Gb Free Space | 10.46% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 4.49 Gb Free Space | 8.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: EE
Current User Name: George.voicu
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
acu.exe -> %ProgramFiles%\Atheros\ACU.exe -> [2005/03/28 23:28:48 | 00,290,816 | ---- | M] (Atheros Communications, Inc.)
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> [2005/04/13 01:17:58 | 00,088,358 | ---- | M] (Agere Systems)
apexdc.exe -> %ProgramFiles%\ApexDC++\ApexDC.exe -> [2008/06/10 22:06:16 | 03,103,232 | ---- | M] (ApexDC++ Development Team)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [2008/11/26 19:18:51 | 00,081,000 | ---- | M] (ALWIL Software)
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2008/11/26 19:18:32 | 00,254,040 | ---- | M] (ALWIL Software)
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/11/26 19:18:46 | 00,155,160 | ---- | M] (ALWIL Software)
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2008/11/26 19:16:23 | 00,352,920 | ---- | M] (ALWIL Software)
aspnet_state.exe -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/11/26 19:12:08 | 00,018,752 | ---- | M] (ALWIL Software)
cfsserv.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSServ.exe -> [2005/04/13 07:54:38 | 00,794,624 | ---- | M] (TOSHIBA CORPORATION)
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION)
dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> [2004/08/28 00:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/10/11 18:09:45 | 00,068,856 | ---- | M] (Google Inc.)
hpswp_clipbook.exe -> %ProgramFiles%\HP\Smart Web Printing\hpswp_clipbook.exe -> [2007/03/02 15:51:40 | 00,173,672 | R--- | M] (Hewlett-Packard Co.)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/23 07:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation)
ioctlsvc.exe -> %SystemRoot%\system32\IoctlSvc.exe -> [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
isuspm.exe -> %AllUsersProfile%\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe -> [2007/03/29 14:41:26 | 00,222,128 | ---- | M] (Macrovision Corporation)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
metama~1.exe -> %ProgramFiles%\Metamail Inc\Metamail Reader\Metamail Secure Viewer.exe -> [2005/04/28 01:54:42 | 00,534,272 | ---- | M] (Metamail Corp.)
metama~2.exe -> %ProgramFiles%\Metamail Inc\Metamail Reader\Metamail Secure Server.exe -> [2005/04/28 01:54:52 | 00,149,248 | ---- | M] (Metamail Corp.)
msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2006/11/04 03:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/04 03:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/12 09:24:20 | 00,477,184 | ---- | M] (OldTimer Tools)
pinger.exe -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe -> [2005/03/18 01:37:26 | 00,151,552 | ---- | M] (TOSHIBA Corporation)
ramasst.exe -> %SystemRoot%\system32\RAMASST.exe -> [2004/08/28 00:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> [2008/04/26 21:42:32 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
smsvchost.exe -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation)
svchоst.exe -> %SystemRoot%\system32\svchоst.exe -> [2008/12/15 10:04:39 | 00,049,152 | ---- | M] ()
swupdtmr.exe -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [2004/05/13 22:46:02 | 00,053,248 | ---- | M] ()
yahooauservice.exe -> %ProgramFiles%\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 22:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> [2007/06/12 03:16:12 | 04,670,968 | ---- | M] (Yahoo! Inc.)

[Win32 Services - Safe List]
(ACS) Atheros Configuration Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\acs.exe -> [2004/12/23 01:50:04 | 00,036,864 | ---- | M] ()
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | Auto | Running] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/11/26 19:12:08 | 00,018,752 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/11/26 19:18:46 | 00,155,160 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2008/11/26 19:18:32 | 00,254,040 | ---- | M] (ALWIL Software)
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2008/11/26 19:16:23 | 00,352,920 | ---- | M] (ALWIL Software)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> [2004/08/28 00:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2007/09/29 11:23:43 | 00,138,168 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/14 02:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(hpqcxs08) hpqcxs08 [Win32_Shared | On_Demand | Running] -> %ProgramFiles%\HP\Digital Imaging\bin\hpqcxs08.dll -> [2007/03/11 20:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\HP\Digital Imaging\bin\hpqddsvc.dll -> [2007/03/11 21:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft Office\Office12\GrooveAuditService.exe -> [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Auto | Running] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation)
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> -> File not found
(NwSapAgent) SAP Agent [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\ipxsap.dll -> [2004/08/04 14:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\IoctlSvc.exe -> [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.)
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [2004/05/13 22:46:02 | 00,053,248 | ---- | M] ()
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/04 03:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/19 05:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/29 03:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)
(YahooAUService) Yahoo! Updater [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 22:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)

[Driver Services - Safe List]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2008/11/26 19:15:35 | 00,026,944 | ---- | M] (ALWIL Software)
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> [2005/04/13 01:19:42 | 01,066,278 | ---- | M] (Agere Systems)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2005/04/19 19:40:00 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.)
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> [2004/11/16 01:22:08 | 00,101,874 | ---- | M] (Alps Electric Co., Ltd.)
(AR5211) Atheros Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ar5211.sys -> [2004/12/23 01:45:36 | 00,393,600 | ---- | M] (Atheros Communications, Inc.)
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\ASPI32.SYS -> [2002/07/17 17:53:02 | 00,016,877 | ---- | M] (Adaptec)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> [2008/11/26 19:17:25 | 00,020,560 | ---- | M] (ALWIL Software)
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2008/11/26 19:18:18 | 00,094,032 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2008/11/26 19:16:29 | 00,023,152 | ---- | M] (ALWIL Software)
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> [2008/11/26 19:17:36 | 00,111,184 | ---- | M] (ALWIL Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2008/11/26 19:16:38 | 00,050,864 | ---- | M] (ALWIL Software)
(Cdr4_xp) Cdr4_xp [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> [2006/05/19 23:16:24 | 00,002,432 | ---- | M] (Sonic Solutions)
(Cdralw2k) Cdralw2k [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\cdralw2k.sys -> [2006/05/19 23:16:24 | 00,002,560 | ---- | M] (Sonic Solutions)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ewusbmdm.sys -> [2007/08/17 12:31:26 | 00,101,120 | R--- | M] (Huawei Technologies Co., Ltd.)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> [2004/11/02 03:27:20 | 00,773,565 | ---- | M] (Intel Corporation)
(meiudf) meiudf [File_System | System | Running] -> %SystemRoot%\system32\drivers\meiudf.sys -> [2005/06/02 03:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.)
(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Netdevio.sys -> [2003/01/29 23:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.)
(NwlnkIpx) NWLink IPX/SPX/NetBIOS Compatible Transport Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnkipx.sys -> [2008/04/13 20:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation)
(NwlnkNb) NWLink NetBIOS [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnknb.sys -> [2004/08/04 14:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation)
(NwlnkSpx) NWLink SPX/SPXII Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnkspx.sys -> [2004/08/04 14:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation)
(Pfc) Padus ASPI Shell [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pfc.sys -> [2003/09/20 00:45:48 | 00,021,248 | ---- | M] (Padus, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2007/03/08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(sdbus) sdbus [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2008/04/13 20:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 12:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sffdisk) SFF Storage Class Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffdisk.sys -> [2008/04/13 20:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation)
(sffp_sd) SFF Storage Protocol Driver for SDBus [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffp_sd.sys -> [2008/04/13 20:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation)
(SoC PC-Camera Service) SoC PC-Camera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pfc027.sys -> [2004/03/24 03:22:26 | 00,138,396 | R--- | M] ()
(SrvcEKIOMngr) SrvcEKIOMngr [Kernel | System | Running] -> %SystemRoot%\system32\drivers\EKIOMngr.sys -> [2005/04/21 04:59:58 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.)
(SrvcSSIOMngr) SrvcSSIOMngr [Kernel | System | Running] -> %SystemRoot%\system32\drivers\SSIOMngr.sys -> [2005/04/21 04:59:58 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.)
(TBiosDrv) TBiosDrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tbiosdrv.sys -> [2003/06/11 17:53:22 | 00,006,867 | ---- | M] ()
(tifm21) tifm21 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tifm21.sys -> [2005/04/05 01:25:36 | 00,160,768 | ---- | M] (Texas Instruments)
(TPwSav) Common Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TPwSav.sys -> [2005/02/26 04:22:26 | 00,008,704 | ---- | M] (TOSHIBA )
(tunmp) Microsoft Tun Miniport Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tunmp.sys -> [2008/04/13 20:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation)
(Tvs) Toshiba Virtual Sound with SRS technologies [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Tvs.sys -> [2005/04/15 22:46:04 | 00,029,056 | ---- | M] (TOSHIBA Corporation)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/04 14:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\yk51x86.sys -> [2005/03/31 02:18:40 | 00,230,400 | ---- | M] (Marvell)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.ro ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.ro ->
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://www.google.ro ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.ro ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.ro ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.ro ->
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.ro/ig?hl=ro&refresh=1 ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.ro ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/11/20 23:21:28 | 00,911,600 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< HOSTS File > (734 bytes and 19 lines) -> C:\windows\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/11/20 23:21:28 | 00,911,600 | ---- | M] (Yahoo! Inc.)
{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2007/03/02 15:52:24 | 01,298,024 | R--- | M] (Hewlett-Packard Co.)
{053F9267-DC04-4294-A72C-58F732D338C0} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_framework.dll [HP Print Clips] -> [2007/03/02 15:52:08 | 00,177,768 | R--- | M] (Hewlett-Packard Co.)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.8.7.dll [BitComet Helper] -> [2008/08/11 10:12:14 | 00,656,696 | ---- | M] (BitComet)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2007/08/24 07:01:22 | 02,212,224 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/10 05:43:31 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2007/09/29 11:23:41 | 02,403,392 | R--- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [Google Toolbar Notifier BHO] -> [2008/09/23 19:38:51 | 00,737,776 | ---- | M] (Google Inc.)
{C09C9904-FD44-11D6-A711-00105AC8F168} [HKLM] -> %ProgramFiles%\Metamail Inc\Metamail Reader\IEPlugIn.dll [MCIEPlugIn Class] -> [2005/04/27 18:50:34 | 00,086,016 | ---- | M] (Metamail Corp.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/10 05:43:16 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/11/10 05:43:17 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/11/20 23:21:28 | 00,160,496 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2007/09/29 11:23:41 | 02,403,392 | R--- | M] (Google Inc.)
"{BA52B914-B692-46c4-B683-905236F6F655}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/11/20 23:21:28 | 00,911,600 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2007/09/29 11:23:41 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/11/20 23:21:28 | 00,911,600 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ACU" -> %ProgramFiles%\Atheros\ACU.exe ["C:\Program Files\Atheros\ACU.exe" -nogui] -> [2005/03/28 23:28:48 | 00,290,816 | ---- | M] (Atheros Communications, Inc.)
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 21:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"AGRSMMSG" -> %SystemRoot%\agrsmmsg.exe [AGRSMMSG.exe] -> [2005/04/13 01:17:58 | 00,088,358 | ---- | M] (Agere Systems)
"avast!" -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2008/11/26 19:18:51 | 00,081,000 | ---- | M] (ALWIL Software)
"CFSServ.exe" -> [CFSServ.exe -NoClient] -> File not found
"IgfxTray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2004/11/02 03:03:44 | 00,155,648 | ---- | M] (Intel Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
"NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe [C:\windows\system32\NeroCheck.exe] -> [2001/07/09 11:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"Pinger" -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] -> [2005/03/18 01:37:26 | 00,151,552 | ---- | M] (TOSHIBA Corporation)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
"RealTray" -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> [2008/04/26 21:42:32 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"svchost.exe" -> %SystemRoot%\system32\svchоst.exe [C:\windows\system32\svchоst.exe] -> [2008/12/15 10:04:39 | 00,049,152 | ---- | M] ()
"SVPWUTIL" -> %ProgramFiles%\Toshiba\Windows Utilities\SVPWUTIL.exe [C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL] -> [2005/02/26 00:59:34 | 00,065,536 | ---- | M] (TOSHIBA)
"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/04 03:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ISUSPM" -> %AllUsersProfile%\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe ["C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler] -> [2007/03/29 14:41:26 | 00,222,128 | ---- | M] (Macrovision Corporation)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/10/11 18:09:45 | 00,068,856 | ---- | M] (Google Inc.)
"Yahoo! Pager" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2007/06/12 03:16:12 | 04,670,968 | ---- | M] (Yahoo! Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\RAMASST.lnk -> %SystemRoot%\system32\RAMASST.exe -> [2004/08/28 00:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
< George.voicu Startup Folder > -> C:\Documents and Settings\George.voicu\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"EnableLUA" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll [res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML] -> File not found
&D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe [res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm] -> [2008/11/12 11:30:06 | 02,511,672 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe [res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm] -> [2008/11/12 11:30:06 | 02,511,672 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe [res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm] -> [2008/11/12 11:30:06 | 02,511,672 | ---- | M] (www.BitComet.com)
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2008/07/30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{58ECB495-38F0-49cb-A538-10282ABF65E7}:{E763472E-A716-4CD9-89BD-DBDA6122F741} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Button: HP Clipbook] -> [2007/03/02 15:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
{700259D7-1666-479a-93B1-3250410481E8}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Button: HP Smart Select] -> [2007/03/02 15:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 18:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}:res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.8.7.dll [Button: BitComet] -> [2008/08/11 10:12:14 | 00,656,696 | ---- | M] (BitComet)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 18:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab[HpProductDetection Class] ->
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} [HKLM] -> http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab[NVIDIA Smart Scan] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] ->
{B1953AD6-C50E-11D3-B020-00A0C9251384} [HKLM] -> http://www.o2c.de/download/o2cplayer.cab[O2C-Player (ELECO Software GmbH)] ->
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Reg Error: Key does not exist or could not be opened.]
-> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[RealPlayer G2 Control] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} [HKLM] -> http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab[IWinAmpActiveX Class] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {413ABCA8-A283-4D93-AE9B-5DA0D0CB35C2} -> 85.255.116.38;85.255.112.95 (Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller) -> {9FBB223E-0339-486A-A1E3-8D3E3D6FC7E3} -> () -> {C3A09872-486F-4D8C-A239-0C3C70688DE6} -> (Atheros AR5005G Wireless Network Adapter) -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> [2004/11/02 02:59:20 | 00,348,160 | ---- | M] (Intel Corporation) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/04 03:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation) "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2007/08/24 07:01:22 | 02,212,224 | ---- | M] (Microsoft Corporation) "{B9E618A2-A4FE-11D4-83C2-005004636C96}" [HKLM] -> 
%ProgramFiles%\Metamail Inc\Metamail Reader\OESHook.dll [OE Shell Hook] -> [2005/04/27 00:26:40 | 00,045,056 | ---- | M] (Metamail Corp.) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 02:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 02:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "%windir%\system32\sopocx.ocx" 
-> C:\WINDOWS\system32\sopocx.ocx [%windir%\system32\sopocx.ocx:*:Enabled:sopocx.ocx] -> [2008/09/11 23:00:09 | 00,620,032 | ---- | M] (SopCast.com) "%windir%\system32\tvu49.ocx" -> C:\WINDOWS\system32\tvu49.ocx [%windir%\system32\tvu49.ocx:*:Enabled:tvu49.ocx] -> [2008/10/27 05:18:26 | 00,026,624 | ---- | M] (Tv-U Net Plugin) "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found "C:\Program Files\ApexDC++\ApexDC.exe" -> C:\Program Files\ApexDC++\ApexDC.exe [C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++] -> [2008/06/10 22:06:16 | 03,103,232 | ---- | M] (ApexDC++ Development Team) "C:\Program Files\Azureus\Azureus.exe" -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> [2008/10/10 02:00:50 | 00,199,608 | ---- | M] (Vuze Inc.) "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer] -> [2008/08/23 07:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) 
"C:\Program Files\LiberTV\LiberTV.exe" -> C:\Program Files\LiberTV\LiberTV.exe [C:\Program Files\LiberTV\LiberTV.exe:*:Enabled:LiberTV Player] -> [2007/08/29 11:31:18 | 02,277,376 | ---- | M] () "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/06/12 03:16:12 | 04,670,968 | ---- | M] (Yahoo! Inc.) "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module] -> [2007/06/12 03:16:14 | 00,091,640 | ---- | M] (Yahoo! Inc.) 
"C:\WINDOWS\network diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [C:\WINDOWS\network diagnostic\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP] -> [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 20:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\autorun.inf [[autorun] | ;uxlbvrtlgdolebtiwurnskpjrnqwmlhwqqtxkjkjncfmsaahggtbjefz | shellexecute="resycled\boot.com c:" | ;fyatddgglsxomzlkesxqhovdljjqtuukikueaczjxnmoafvsgjcenqybijqcqcmboupbmimlnrpwjrsfbemvfyuesp | shell\Open\command="resycled\boot.com c:" | ;ofpgeyaexbb | ] -> %SystemDrive%\autorun.inf [ NTFS ] -> [2008/12/17 12:07:04 | 00,000,255 | RHS- | M] () D:\autorun.inf [[autorun] | ;remblfrdpbrrkvidqawhdvdpci | shellexecute="resycled\boot.com d:" | ;zhjpmuknpgkzlxjrzvuomjgbahendvqhrnuyvtqyqrosaybaaeiapx | shell\Open\command="resycled\boot.com d:" | ;pqmksderxuniozdosvbvfkheifpznjzgfhzrvutjkulkmecslecfvzmapjowbffhwzvxrwlvrpfyr | ] -> D:\autorun.inf [ NTFS ] -> [2008/12/17 12:07:04 | 00,000,255 | RHS- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{1a5827d6-6870-11dd-b4dd-000fb08d3110} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a5827d6-6870-11dd-b4dd-000fb08d3110}\Shell \{1a5827d6-6870-11dd-b4dd-000fb08d3110}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a5827d6-6870-11dd-b4dd-000fb08d3110}\Shell\AutoRun 
\{1a5827d6-6870-11dd-b4dd-000fb08d3110}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a5827d6-6870-11dd-b4dd-000fb08d3110}\Shell\AutoRun\command \{1a5827d6-6870-11dd-b4dd-000fb08d3110}\Shell\AutoRun\command\\"" -> F:\StartVMCLite.exe [F:\StartVMCLite.exe] -> File not found \{1a5827d7-6870-11dd-b4dd-000fb08d3110} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a5827d7-6870-11dd-b4dd-000fb08d3110}\Shell \{1a5827d7-6870-11dd-b4dd-000fb08d3110}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a5827d7-6870-11dd-b4dd-000fb08d3110}\Shell\AutoRun \{1a5827d7-6870-11dd-b4dd-000fb08d3110}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a5827d7-6870-11dd-b4dd-000fb08d3110}\Shell\AutoRun\command \{1a5827d7-6870-11dd-b4dd-000fb08d3110}\Shell\AutoRun\command\\"" -> F:\StartVMCLite.exe [F:\StartVMCLite.exe] -> File not found \{5e8b8cf3-1614-11dd-97ba-000fb08d3110} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e8b8cf3-1614-11dd-97ba-000fb08d3110}\Shell\AutoRun\command \{5e8b8cf3-1614-11dd-97ba-000fb08d3110}\Shell\AutoRun\command\\"" -> [RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isew32.exe] -> File not found \{5e8b8cf3-1614-11dd-97ba-000fb08d3110} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e8b8cf3-1614-11dd-97ba-000fb08d3110}\Shell\open\command \{5e8b8cf3-1614-11dd-97ba-000fb08d3110}\Shell\open\command\\"" -> [RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isew32.exe] -> File not found \{754eb86a-523b-11dc-8ba8-000fb08d3110} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{754eb86a-523b-11dc-8ba8-000fb08d3110}\Shell \{754eb86a-523b-11dc-8ba8-000fb08d3110}\Shell\\"" -> 
[AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{754eb86a-523b-11dc-8ba8-000fb08d3110}\Shell\1\Command \{754eb86a-523b-11dc-8ba8-000fb08d3110}\Shell\1\Command\\"" -> F:\.\RECYCLER\RECYCLER\autorun.exe [F:\.\RECYCLER\RECYCLER\autorun.exe -autorun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{754eb86a-523b-11dc-8ba8-000fb08d3110}\Shell\2\Command \{754eb86a-523b-11dc-8ba8-000fb08d3110}\Shell\2\Command\\"" -> F:\.\RECYCLER\RECYCLER\autorun.exe [F:\.\RECYCLER\RECYCLER\autorun.exe -autorun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{754eb86a-523b-11dc-8ba8-000fb08d3110}\Shell\AutoRun \{754eb86a-523b-11dc-8ba8-000fb08d3110}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found \{809ba65a-4260-11dc-8b83-000fb08d3110} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{809ba65a-4260-11dc-8b83-000fb08d3110}\Shell \{809ba65a-4260-11dc-8b83-000fb08d3110}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{809ba65a-4260-11dc-8b83-000fb08d3110}\Shell\AutoRun \{809ba65a-4260-11dc-8b83-000fb08d3110}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found \{b24fe7a2-3312-11dc-8b5c-806d6172696f} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b24fe7a2-3312-11dc-8b5c-806d6172696f}\Shell \{b24fe7a2-3312-11dc-8b5c-806d6172696f}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b24fe7a2-3312-11dc-8b5c-806d6172696f}\Shell\AutoRun \{b24fe7a2-3312-11dc-8b5c-806d6172696f}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b24fe7a2-3312-11dc-8b5c-806d6172696f}\Shell\Open\command 
\{b24fe7a2-3312-11dc-8b5c-806d6172696f}\Shell\Open\command\\"" -> [resycled\boot.com c:] -> File not found \{b24fe7a3-3312-11dc-8b5c-806d6172696f} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b24fe7a3-3312-11dc-8b5c-806d6172696f}\Shell \{b24fe7a3-3312-11dc-8b5c-806d6172696f}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b24fe7a3-3312-11dc-8b5c-806d6172696f}\Shell\AutoRun \{b24fe7a3-3312-11dc-8b5c-806d6172696f}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b24fe7a3-3312-11dc-8b5c-806d6172696f}\Shell\Open\command \{b24fe7a3-3312-11dc-8b5c-806d6172696f}\Shell\Open\command\\"" -> [resycled\boot.com d:] -> File not found \{c9bc5e9c-564a-11dc-8bbd-0011f576fc26} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc5e9c-564a-11dc-8bbd-0011f576fc26}\Shell \{c9bc5e9c-564a-11dc-8bbd-0011f576fc26}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc5e9c-564a-11dc-8bbd-0011f576fc26}\Shell\1\Command \{c9bc5e9c-564a-11dc-8bbd-0011f576fc26}\Shell\1\Command\\"" -> H:\.\RECYCLER\RECYCLER\autorun.exe [H:\.\RECYCLER\RECYCLER\autorun.exe -autorun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc5e9c-564a-11dc-8bbd-0011f576fc26}\Shell\2\Command \{c9bc5e9c-564a-11dc-8bbd-0011f576fc26}\Shell\2\Command\\"" -> H:\.\RECYCLER\RECYCLER\autorun.exe [H:\.\RECYCLER\RECYCLER\autorun.exe -autorun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bc5e9c-564a-11dc-8bbd-0011f576fc26}\Shell\AutoRun \{c9bc5e9c-564a-11dc-8bbd-0011f576fc26}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found \{cc64a9af-458e-11dc-8b8a-000fb08d3110} 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc64a9af-458e-11dc-8b8a-000fb08d3110}\Shell \{cc64a9af-458e-11dc-8b8a-000fb08d3110}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc64a9af-458e-11dc-8b8a-000fb08d3110}\Shell\1\Command \{cc64a9af-458e-11dc-8b8a-000fb08d3110}\Shell\1\Command\\"" -> F:\.\RECYCLER\RECYCLER\autorun.exe [F:\.\RECYCLER\RECYCLER\autorun.exe -autorun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc64a9af-458e-11dc-8b8a-000fb08d3110}\Shell\2\Command \{cc64a9af-458e-11dc-8b8a-000fb08d3110}\Shell\2\Command\\"" -> F:\.\RECYCLER\RECYCLER\autorun.exe [F:\.\RECYCLER\RECYCLER\autorun.exe -autorun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc64a9af-458e-11dc-8b8a-000fb08d3110}\Shell\AutoRun \{cc64a9af-458e-11dc-8b8a-000fb08d3110}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found \{d9c43592-a43b-11dc-8c4f-000fb08d3110} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9c43592-a43b-11dc-8c4f-000fb08d3110}\Shell\Auto\command \{d9c43592-a43b-11dc-8c4f-000fb08d3110}\Shell\Auto\command\\"" -> F:\auto2.pif [F:\auto2.pif] -> File not found \{d9c43592-a43b-11dc-8c4f-000fb08d3110} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9c43592-a43b-11dc-8c4f-000fb08d3110}\Shell\AutoRun \{d9c43592-a43b-11dc-8c4f-000fb08d3110}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found \{dfdcf67a-dbfd-11dc-86e0-000fb08d3110} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfdcf67a-dbfd-11dc-86e0-000fb08d3110}\shell\Setup\command \{dfdcf67a-dbfd-11dc-86e0-000fb08d3110}\shell\Setup\command\\"" -> F:\setup.exe [F:\setup.exe] -> File not found \{e05d29a7-557b-11dc-8bac-0011f576fc26} 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e05d29a7-557b-11dc-8bac-0011f576fc26}\Shell\AutoRun\command \{e05d29a7-557b-11dc-8bac-0011f576fc26}\Shell\AutoRun\command\\"" -> F:\setupSNK.exe [F:\setupSNK.exe] -> File not found \{e0cf164d-498d-11dc-8b93-000fb08d3110} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0cf164d-498d-11dc-8b93-000fb08d3110}\Shell \{e0cf164d-498d-11dc-8b93-000fb08d3110}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0cf164d-498d-11dc-8b93-000fb08d3110}\Shell\AutoRun \{e0cf164d-498d-11dc-8b93-000fb08d3110}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found \{f08dfaec-67df-11dd-b4dc-000fb08d3110} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f08dfaec-67df-11dd-b4dc-000fb08d3110}\Shell \{f08dfaec-67df-11dd-b4dc-000fb08d3110}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f08dfaec-67df-11dd-b4dc-000fb08d3110}\Shell\AutoRun \{f08dfaec-67df-11dd-b4dc-000fb08d3110}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f08dfaec-67df-11dd-b4dc-000fb08d3110}\Shell\AutoRun\command \{f08dfaec-67df-11dd-b4dc-000fb08d3110}\Shell\AutoRun\command\\"" -> F:\StartVMCLite.exe [F:\StartVMCLite.exe] -> File not found \{f08dfaed-67df-11dd-b4dc-000fb08d3110} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f08dfaed-67df-11dd-b4dc-000fb08d3110}\Shell \{f08dfaed-67df-11dd-b4dc-000fb08d3110}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f08dfaed-67df-11dd-b4dc-000fb08d3110}\Shell\AutoRun \{f08dfaed-67df-11dd-b4dc-000fb08d3110}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f08dfaed-67df-11dd-b4dc-000fb08d3110}\Shell\AutoRun\command \{f08dfaed-67df-11dd-b4dc-000fb08d3110}\Shell\AutoRun\command\\"" -> F:\StartVMCLite.exe [F:\StartVMCLite.exe] -> File not found [Files/Folders - Created Within 30 Days] OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/21 15:30:55 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/21 15:29:16 | 00,647,677 | ---- | C] () Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion -> [2008/12/19 23:20:33 | 00,000,000 | ---D | C] Irak -> %UserProfile%\My Documents\Irak -> [2008/12/17 14:35:28 | 00,000,000 | ---D | C] WPO_USBases_Dec08_pr.pdf -> %UserProfile%\My Documents\WPO_USBases_Dec08_pr.pdf -> [2008/12/16 22:23:26 | 00,033,406 | ---- | C] () WPO_USBases_Dec08_quaire.pdf -> %UserProfile%\My Documents\WPO_USBases_Dec08_quaire.pdf -> [2008/12/16 22:23:01 | 00,147,976 | ---- | C] () svch?st.exe -> %SystemRoot%\System32\svchоst.exe -> [2008/12/15 10:04:39 | 00,049,152 | ---- | C] () extravideo -> %ProgramFiles%\extravideo -> [2008/12/15 09:40:34 | 00,000,000 | ---D | C] autorun.inf -> %SystemDrive%\autorun.inf -> [2008/12/15 09:40:33 | 00,000,255 | RHS- | C] () resycled -> %SystemDrive%\resycled -> [2008/12/15 09:40:33 | 00,000,000 | RHSD | C] My Digital Editions -> %UserProfile%\My Documents\My Digital Editions -> [2008/12/12 15:32:26 | 00,000,000 | ---D | C] tudose -> %UserProfile%\My Documents\tudose -> [2008/12/12 10:45:00 | 00,000,000 | ---D | C] DVD Ram.temp -> %SystemDrive%\DVD Ram.temp -> [2008/12/10 16:11:27 | 00,000,000 | ---D | C] CALENDRIER_2009.pps -> %UserProfile%\My Documents\CALENDRIER_2009.pps -> [2008/12/10 08:18:37 | 03,255,296 | ---- | C] () temp -> %ProgramFiles%\temp -> [2008/12/10 02:25:25 | 00,000,000 | ---D | C] Azureus Downloads -> %UserProfile%\My Documents\Azureus Downloads -> [2008/12/06 02:23:06 | 00,000,000 | ---D | C] Shortcut to Co.lnk 
-> %UserProfile%\Desktop\Shortcut to Co.lnk -> [2008/12/02 11:12:33 | 00,000,523 | ---- | C] () iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2008/11/27 03:23:20 | 00,001,804 | ---- | C] () iPod -> %ProgramFiles%\iPod -> [2008/11/27 03:22:53 | 00,000,000 | ---D | C] iTunes -> %ProgramFiles%\iTunes -> [2008/11/27 03:22:38 | 00,000,000 | ---D | C] {3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/11/27 03:22:38 | 00,000,000 | ---D | C] Bonjour -> %ProgramFiles%\Bonjour -> [2008/11/27 03:19:30 | 00,000,000 | ---D | C] QuickTime -> %ProgramFiles%\QuickTime -> [2008/11/27 03:18:18 | 00,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] 99 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> 3 C:\windows\*.tmp files -> C:\windows\*.tmp -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2005/05/23 23:51:43 | 00,000,000 | ---D | M] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/21 15:23:52 | 00,007,306 | ---- | M] () qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/21 15:23:53 | 00,005,629 | ---- | M] () C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2007/09/20 19:07:24 | 00,000,000 | ---D | M] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2007/07/17 12:43:11 | 00,008,264 | ---- | M] () opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2007/09/20 19:07:24 | 00,008,206 | ---- | M] () C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All 
Users\Application Data\Microsoft\Works -> [2008/10/28 22:42:40 | 00,000,000 | ---D | M] CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [2008/06/21 01:43:49 | 00,001,804 | ---- | M] () wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [2008/05/29 14:00:47 | 00,016,384 | ---- | M] () wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [2008/06/05 10:09:43 | 00,162,451 | ---- | M] () C:\Documents and Settings\George.voicu\Local Settings\Temp\ -> C:\Documents and Settings\George.voicu\Local Settings\Temp -> [2008/12/21 15:30:01 | 00,000,000 | ---D | M] ytb_7.2.4.4a_1.6.3_ysp_1.2.7_mail_bts_pub_us_setup_.exe -> C:\Documents and Settings\George.voicu\Local Settings\Temp\ytb_7.2.4.4a_1.6.3_ysp_1.2.7_mail_bts_pub_us_setup_.exe -> [2008/12/19 23:19:56 | 03,000,840 | ---- | M] (Yahoo! Inc.) 8 C:\Documents and Settings\George.voicu\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\George.voicu\Local Settings\Temp\*.tmp -> C:\Documents and Settings\George.voicu\Local Settings\Temp\ -> C:\Documents and Settings\George.voicu\Local Settings\Temp -> [2008/12/21 15:30:01 | 00,000,000 | ---D | M] Perflib_Perfdata_bcc.dat -> C:\Documents and Settings\George.voicu\Local Settings\Temp\Perflib_Perfdata_bcc.dat -> [2008/12/21 14:23:47 | 00,016,384 | ---- | M] () 8 C:\Documents and Settings\George.voicu\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\George.voicu\Local Settings\Temp\*.tmp -> C:\windows\Temp\ -> C:\WINDOWS\Temp -> [2008/12/21 15:31:12 | 00,000,000 | ---D | M] Perflib_Perfdata_148.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_148.dat -> [2008/12/21 14:22:50 | 00,016,384 | ---- | M] () Perflib_Perfdata_1d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1d4.dat -> [2008/12/21 14:23:15 | 00,016,384 | ---- | M] () Perflib_Perfdata_71c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat -> [2008/12/19 23:11:58 | 00,016,384 | 
---- | M] () Perflib_Perfdata_b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b0.dat -> [2008/12/21 01:57:23 | 00,016,384 | ---- | M] () OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/21 15:29:22 | 00,647,677 | ---- | M] () MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2008/12/21 14:25:53 | 00,000,330 | -H-- | M] () CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [2008/12/21 14:24:10 | 00,002,626 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/21 14:22:45 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/21 14:22:39 | 00,002,048 | --S- | M] () autorun.inf -> %SystemDrive%\autorun.inf -> [2008/12/17 12:07:04 | 00,000,255 | RHS- | M] () WPO_USBases_Dec08_pr.pdf -> %UserProfile%\My Documents\WPO_USBases_Dec08_pr.pdf -> [2008/12/16 22:23:26 | 00,033,406 | ---- | M] () WPO_USBases_Dec08_quaire.pdf -> %UserProfile%\My Documents\WPO_USBases_Dec08_quaire.pdf -> [2008/12/16 22:23:06 | 00,147,976 | ---- | M] () NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/12/15 10:06:48 | 00,000,116 | ---- | M] () svch?st.exe -> %SystemRoot%\System32\svchоst.exe -> [2008/12/15 10:04:39 | 00,049,152 | ---- | M] () CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [2008/12/12 15:37:54 | 00,001,551 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/11 22:12:12 | 00,001,158 | ---- | M] () RAMASST.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\RAMASST.lnk -> [2008/12/10 16:12:44 | 00,001,500 | ---- | M] () machine.ver -> %SystemRoot%\machine.ver -> [2008/12/10 16:04:41 | 00,002,838 | ---- | M] () swupdate.INI -> %SystemRoot%\swupdate.INI -> [2008/12/10 16:03:24 | 00,000,067 | ---- | M] () CALENDRIER_2009.pps -> %UserProfile%\My Documents\CALENDRIER_2009.pps -> [2008/12/10 08:18:50 | 03,255,296 | ---- | M] () AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/12/08 22:42:04 | 00,000,284 | ---- | M] () Shortcut to Co.lnk -> 
%UserProfile%\Desktop\Shortcut to Co.lnk -> [2008/12/02 11:12:33 | 00,000,523 | ---- | M] () wklnhst.dat -> %AppData%\wklnhst.dat -> [2008/11/27 11:58:52 | 00,000,162 | ---- | M] () iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2008/11/27 03:23:20 | 00,001,804 | ---- | M] () aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> [2008/11/26 19:21:30 | 01,236,208 | ---- | M] (ALWIL Software) aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> [2008/11/26 19:18:25 | 00,093,296 | ---- | M] (ALWIL Software) aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2008/11/26 19:18:18 | 00,094,032 | ---- | M] (ALWIL Software) aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> [2008/11/26 19:17:36 | 00,111,184 | ---- | M] (ALWIL Software) aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> [2008/11/26 19:17:25 | 00,020,560 | ---- | M] (ALWIL Software) aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2008/11/26 19:16:38 | 00,050,864 | ---- | M] (ALWIL Software) aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2008/11/26 19:16:29 | 00,023,152 | ---- | M] (ALWIL Software) aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2008/11/26 19:15:35 | 00,026,944 | ---- | M] (ALWIL Software) AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> [2008/11/26 19:15:10 | 00,097,480 | ---- | M] (ALWIL Software) [Alternate Data Streams] @Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable < End of report > [/code]